The company will re-brand its online protection service as well.

Share this story

To "align" its security and protection software, Microsoft has announced that it is discontinuing five of its Forefront-branded products.

The company will stop selling Forefront Protection 2010 for Exchange Server (FPE), Forefront Protection 2010 for SharePoint (FPSP), Forefront Security for Office Communications Server (FSOCS), Forefront Threat Management Gateway 2010 (TMG), and Forefront Threat Management Gateway Web Protection Services (TMG WPS) as of December 1st, 2012. FPE, FPSP, FSOCS, and TMG WPS subscriptions will be supported until the earlier of December 31st, 2015, or each customer's current subscription date. TMG will receive mainstream support until April 14th, 2015, and extended support until April 14th, 2020.

Forefront Identity Manager and Forefront Unified Access Gateway will continue to be developed.

Microsoft is also renaming its online protection service, Forefront Online Protection for Exchange, to remove the Forefront branding. From now on, it will be named Exchange Online Protection.

Some features from the discontinued products are being integrated elsewhere. Exchange 2013, for example, will incorporate some of the anti-malware protection currently provided by FPE (and it will also allow integration with other protection systems such as Exchange Online Protection). Others, it appears, are being terminated with no real replacement.

I think that it's important to note that "Microsoft Security Essentials" is a direct derivative of the Microsoft Forefront software that was acquired from a company on Long Island, NY, formerly known as Sybari Antigen.

What is MS going to recommend to replace TMG for publishing OWA/Outlook Anywhere via reverse proxy?

Forefront UAG can publish resources such as OA, OWA, SharePoint etc. It's as much a re-written UI for TMG as it is new functionality, but UAG is only (currently) supported for incoming access to resources. Note that a lot of the terminology is vastly different - yay for learning curves

I'm hoping (and praying!) that Forefront UAG subsumes the outbound functionality of TMG, which is probably the only missing piece of the puzzle.

Jackattak wrote:

Agreed. Of all the products, FEP is the best. Going to be missed.

I don't see anywhere that suggests Forefront Endpoint Protection (MSE/FEP) is going away. Forefront Protection for Exchange is mentioned ... but that's FPE. Darn Microsoft and their annoying similar abbreviations!

Take the existing code and merge it into your Enterprise products. Allow for replacements to be used of course but offer a solution. Adjust the price of those other products and as long as the customer spends less money then the two being seperate, there is a cost benefit, to upgrading and supporting a single product.

Besides Microsoft doesn't have to maintain two seperate teams, they can make one large team, who split off into seperate groups. This means less managers and less overhead. They will likely sell the same amount of software in the end, perhaps even make more money, since its seen as a better value.

And I actually think that security essentials is the least-offensive working antivirus for home-use windows computers.

(And still as efficacious as the others, on average)

Security essentials doesn't actually catch any viruses.

You should tell this to my mother's computer which was acting strange, and the only product hat was able to fix the problem, was Microsoft Security Essentials.

I don't normally use FREE anti-virus programs and I have already sworn off several Anti-Virus companies because of their inability to write quality software. In this case I am nto actually talking about McAfee and Norton/Symantec

FEP turned into System Center Endpoint Protection (SCEP, I guess) and was built into System Center Configuration Manager 2012.

This is correct, I have been leading a huge project for my company. We are migrating from Symantec Endpoint Protection to System Center Endpoint Protection 2012 (SCEP). In order to manage the AV policies on the machines, send daily AV reports and whatnot, you have to setup and configure System Center Configuration Manager 2012 (SCCM). That portion has been the most difficult and time consuming.

The great thing about this is the licensing, for us at least. From MS: "License required only for endpoints being managed. No additional licenses are needed for management servers or SQL Server technology."

Operations Mangaer, Configuration Manager, Data Protection Manager, Service Manger, Virtual Machine Manager, Endpoint Protection, Orchestrator, and App Controller are all available with one license. At our company we use all of these components except Orchestrator and App Controller, which we may use at some point. At the end of the day we are able to simplify our licensing, and save money by removing Symantec. Luckily we made this move to Endpoint Protection now instead of to Forefront Protection two years ago.

FEP turned into System Center Endpoint Protection (SCEP, I guess) and was built into System Center Configuration Manager 2012.

This is correct, I have been leading a huge project for my company. We are migrating from Symantec Endpoint Protection to System Center Endpoint Protection 2012 (SCEP). In order to manage the AV policies on the machines, send daily AV reports and whatnot, you have to setup and configure System Center Configuration Manager 2012 (SCCM). That portion has been the most difficult and time consuming.

The great thing about this is the licensing, for us at least. From MS: "License required only for endpoints being managed. No additional licenses are needed for management servers or SQL Server technology."

Operations Mangaer, Configuration Manager, Data Protection Manager, Service Manger, Virtual Machine Manager, Endpoint Protection, Orchestrator, and App Controller are all available with one license. At our company we use all of these components except Orchestrator and App Controller, which we may use at some point. At the end of the day we are able to simplify our licensing, and save money by removing Symantec. Luckily we made this move to Endpoint Protection now instead of to Forefront Protection two years ago.

You should take the time to learn orchestrator. I also have datacenter licenses for system center and use the entire stack of programs (well, i'm testing on vmm2012 and hyper-v 3 atm). Orchestrator is bloody fantastic. All the scripts taht used to be running all over the place are now being redone in orchestrator. I have tasks automated to fix common problems via service manager, etc. User deployment is now intiated by HR via service manager, etc. There's huge value in adopting the whole SC suite but there sure is a lot to learn.

What is MS going to recommend to replace TMG for publishing OWA/Outlook Anywhere via reverse proxy?

Forefront UAG can publish resources such as OA, OWA, SharePoint etc. It's as much a re-written UI for TMG as it is new functionality, but UAG is only (currently) supported for incoming access to resources. Note that a lot of the terminology is vastly different - yay for learning curves

I'm hoping (and praying!) that Forefront UAG subsumes the outbound functionality of TMG, which is probably the only missing piece of the puzzle.

Yeah I'm assuming UAG will be the replacement. The fact that there were two was always weird anyway. I think UAG actually includes parts of TMG in it anyway.

What is MS going to recommend to replace TMG for publishing OWA/Outlook Anywhere via reverse proxy?

Forefront UAG can publish resources such as OA, OWA, SharePoint etc. It's as much a re-written UI for TMG as it is new functionality, but UAG is only (currently) supported for incoming access to resources. Note that a lot of the terminology is vastly different - yay for learning curves

I'm hoping (and praying!) that Forefront UAG subsumes the outbound functionality of TMG, which is probably the only missing piece of the puzzle.

Yeah I'm assuming UAG will be the replacement. The fact that there were two was always weird anyway. I think UAG actually includes parts of TMG in it anyway.

It does, but the TMG instance is there only to protect the UAG instance, not to publish content outside of UAG. While you could technically create additional non-UAG generated rules and settings in TMG it is not supported by Microsoft.

UAG has turned into a non-starter here. A lot of trouble out in the field, and requiring Linux users to run their browser as root killed it for our group. Citrix is the clear path forward here (NetScaler, XenDesktop, XenApp, etc.). Microsoft still does not quite get security, especially when it comes to best practices for other Operating Systems they say they support with UAG.

I think that it's important to note that "Microsoft Security Essentials" is a direct derivative of the Microsoft Forefront software that was acquired from a company on Long Island, NY, formerly known as Sybari Antigen.

Anecdotal evidence but myself and a bunch of my friends have had viruses slip by Security Essentials that were caught by MalwareBytes. I've never had Security Essentials flag a virus. Once is enough, five times is way too many.

Hi All,I am a Senior Recruiter who has recently returned to the IT Consulting world and I have to admit that I need some input to understand what they are looking for. The requirement states that they are looking for the following

"Must have experience with Microsoft Forefront Identity Manager, SailPoint and Ping Federate Single Sign On." Plus they do have Tripwire.

Two questions:

First, what are the differences between the tools that they have listed?

Second, are these tools that are commonly aggregated for a specific purpose and are they commonly combined for some purpose?